Hi There, For security purposes we disable paths and functions, is there a way we can enable the pgp binary if we move it to the enigma home directory?Class 'enigma_driver_gpg' not found in .... is the error we keep getting. disable_functions = exec, shell_exec, system, virtual, show_source, passthru, escapeshellcmd, proc_open, popen, pclose, phpinfo, parse_ini_file, eval _______________________________________________ Roundcube Users mailing list [hidden email] http://lists.roundcube.net/mailman/listinfo/users |
On 07/20/2016 09:40 AM, Nick Edwards wrote:
> For security purposes we disable paths and functions, is there a way we > can enable the pgp binary if we move it to the enigma home directory? You can already set path to gpg binary via enigma_pgp_binary option. However, for GnuPG 2.x you'll need to set also gpg-agent path which is not yet supported by config option. You'd need to set $options['agent'] around https://github.com/roundcube/roundcubemail/blob/master/plugins/enigma/lib/enigma_driver_gnupg.php#L87 > We have also > disable_functions = exec, shell_exec, system, virtual, show_source, > passthru, escapeshellcmd, proc_open, popen, pclose, phpinfo, > parse_ini_file, eval Crypt_GPG uses proc_open(). -- Aleksander 'A.L.E.C' Machniak Kolab Groupware Developer [http://kolab.org] Roundcube Webmail Developer [http://roundcube.net] --------------------------------------------------- PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl _______________________________________________ Roundcube Users mailing list [hidden email] http://lists.roundcube.net/mailman/listinfo/users |
Hi Alec, // Enigma Plugin options // -------------------- // A driver to use for PGP. Default: "gnupg". $rcmail_config['enigma_pgp_driver'] = 'gnupg'; // A driver to use for S/MIME. Default: "phpssl". $rcmail_config['enigma_smime_driver'] = 'phpssl'; // Keys directory for all users. Default 'enigma/home'. // Must be writeable by PHP process $rcmail_config['enigma_pgp_homedir'] = null; $rcmail_config['enigma_pgp_binary'] = '/opt/webmail/plugins/enigma/gpg'; ^^^^^^^ This doesn't seem to change anything? [Thu Jul 21 13:44:54.060378 2016] [:error] [pid 6431:tid 2843577200] [client ] PHP Warning: is_executable(): open_basedir restriction in effect. File(/usr/bin/gpg) is not within the allowed path(s): ( bunch of paths) in /opt/webmail/plugins/enigma/lib/Crypt/GPG/Engine.php on line 1651, referer: https://xxxxxxxxxxxx/?_task=settings&_action=plugin.enigmakeys repeat this with attempt at /usr/local/bin/gpg then [Thu Jul 21 13:44:54.093373 2016] [:error] [pid 6431:tid 2843577200] [client ] PHP Fatal error: Call to undefined method Crypt_GPG_SubKey::usage() in /opt/webmail/plugins/enigma/lib/enigma_driver_gnupg.php on line 437, referer: https://xxxxxxxxxxxxxx/?_task=settings&_action=plugin.enigmakeys we are using gnupg 1.4.x On Wed, Jul 20, 2016 at 5:52 PM, A.L.E.C <[hidden email]> wrote: On 07/20/2016 09:40 AM, Nick Edwards wrote: _______________________________________________ Roundcube Users mailing list [hidden email] http://lists.roundcube.net/mailman/listinfo/users |
After sorting out proc_open but changing to suhosin blacklist instead native php disable, things progressed, however just wiped out the config and used fresh, with and without $rcmail_config or $config... I clearly have wrong option idea for the path to it as roundcube error now says binary not found, is $config['enigma_pgp_binary'] = 'path/file'; actually the right entry to use? On Thu, Jul 21, 2016 at 1:52 PM, Nick Edwards <[hidden email]> wrote:
_______________________________________________ Roundcube Users mailing list [hidden email] http://lists.roundcube.net/mailman/listinfo/users |
On 07/21/2016 07:02 AM, Nick Edwards wrote:
> After sorting out proc_open but changing to suhosin blacklist instead > native php disable, things progressed, however > just wiped out the config and used fresh, with and without > $rcmail_config or $config... I clearly have wrong option idea for the > path to it as roundcube error now says binary not found, is > $config['enigma_pgp_binary'] = 'path/file'; actually the right entry to use? Yes, are you using git-master version? The option does not exist in 1.2.0. > [Thu Jul 21 13:44:54.093373 2016] [:error] [pid 6431:tid 2843577200] > [client ] PHP Fatal error: Call to undefined method > Crypt_GPG_SubKey::usage() in You need more recent Crypt_GPG package. -- Aleksander 'A.L.E.C' Machniak Kolab Groupware Developer [http://kolab.org] Roundcube Webmail Developer [http://roundcube.net] --------------------------------------------------- PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl _______________________________________________ Roundcube Users mailing list [hidden email] http://lists.roundcube.net/mailman/listinfo/users |
ARG, no this is production servers so of course 'm only running stable release 1.2.0 I think we'll downgrade to 1.1.x again, since several of our plugins dont work with 1.2, and enigma clearly isnt going to work with our security restrictions, might try again when 1.2.1 or whatever is released.On Thu, Jul 21, 2016 at 3:58 PM, A.L.E.C <[hidden email]> wrote: On 07/21/2016 07:02 AM, Nick Edwards wrote: _______________________________________________ Roundcube Users mailing list [hidden email] http://lists.roundcube.net/mailman/listinfo/users |
In reply to this post by Nick Edwards
Il 2016-07-21 05:52 Nick Edwards ha scritto:
[...] > [Thu Jul 21 13:44:54.093373 2016] [:error] [pid 6431:tid 2843577200] > [client ] PHP Fatal error: Call to undefined method > Crypt_GPG_SubKey::usage() in > /opt/webmail/plugins/enigma/lib/enigma_driver_gnupg.php on line 437, > referer: > https://xxxxxxxxxxxxxx/?_task=settings&_action=plugin.enigmakeys I got the exact same error a few days ago. It appears that roundcube resets the php's "default include_path" variable, so installing Crypt_GPG via Pear in the php/lib dir doesn't help. Manually downlading the library in the enigma/lib dir solved for me. I also dropped a note about this and enigma's configuration here http://notes.sagredo.eu/node/35#enigma regards Roberto _______________________________________________ Roundcube Users mailing list [hidden email] http://lists.roundcube.net/mailman/listinfo/users |
Hello, I am getting following error in browser console when sending an
encrypted message. ============================== ReferenceError: PublicKey is not defined ==================================
enigma debug log ================== [22-Jul-2016 11:56:01 +0530]: <1sd24gpn> GPG: USING GPG
2.0.22 with PHP 5.4.16 =========================== OS: centos7.2, RC version: 1.2.0 I am not getting any other error in error log. Thanks for any suggestion. Regards, Soumitri Mishra,
On Thursday 21 July 2016 07:01 PM,
Roberto Puzzanghera wrote:
_______________________________________________ Roundcube Users mailing list [hidden email] http://lists.roundcube.net/mailman/listinfo/users |
On 07/22/2016 08:32 AM, [hidden email] wrote:
> ReferenceError: PublicKey is not defined PublicKey is defined in publickey.js > OS: centos7.2, RC version: 1.2.0 No, you don't. Key server support was added in master only. I assume you applied some commits from master to 1.2.0, which require some other changes you missed. -- Aleksander 'A.L.E.C' Machniak Kolab Groupware Developer [http://kolab.org] Roundcube Webmail Developer [http://roundcube.net] --------------------------------------------------- PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl _______________________________________________ Roundcube Users mailing list [hidden email] http://lists.roundcube.net/mailman/listinfo/users |
Free forum by Nabble | Edit this page |